
exchange 2007 smtp relay control by ip


sawyer

Dec 28, 2009, 2:13:01 PM
Hello

I have set up an SMTP receive connector that allows SMTP relay. I have also
locked down this receive connector so it only receives mail from servers
that have these IP addresses. I then entered the IP addresses for the
servers that were allowed to connect to this receive connector. The SMTP
relay is working, but it's working from any machine in the network; it's not
preventing servers that haven't been added to the list of servers from
connecting. This is very strange. Below are the properties for the SMTP relay
connector. Again, any machine on the network can relay, and as you can see
from the properties for the connector, I have locked this connector down so
it only allows connections from certain individual IPs.


AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {10.0.133.113:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
Fqdn : Securerelay.kbb.com
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : unlimited
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 64KB
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 15MB
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers, Custom
PipeliningEnabled : True
ProtocolLoggingLevel : Verbose
RemoteIPRanges : {10.7.13.140-255.255.255.255,
                  10.0.117.102-255.255.255.255,
                  10.0.130.100-255.255.255.255,
                  10.0.100.101-255.255.255.255,
                  10.0.12.109-255.255.255.255,
                  10.0.62.100-255.255.255.255,
                  10.0.63.111-255.255.255.255,
                  10.7.17.73-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
Server : IRV-EDC-VMS37
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Internal smtp relay WNLB
DistinguishedName : CN=Internal smtp relay WNLB,CN=SMTP Receive Connectors,CN=Protocols,CN=IRV-EDC-VMS37,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Kelley Blue Book,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=kbb,DC=com
Identity : IRV-EDC-VMS37\Internal smtp relay WNLB
Guid : 7ffeb41e-8b88-4e62-8979-0dd7edffd4a8
ObjectCategory : corp.kbb.com/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 12/17/2009 11:54:28 AM
WhenCreated : 8/4/2009 7:38:00 PM
OriginatingServer : irv-edc-dc3.corp.kbb.com
IsValid : True


sawyer

Dec 28, 2009, 7:19:01 PM
I am starting to think that the "onconnect" verb is not firing, but I don't
know how to confirm this. It is very strange, though.


sawyer

Dec 29, 2009, 12:47:22 PM
I deleted the connector and recreated it, and now it is preventing servers from
connecting that haven't been added to the list of IPs that are allowed to
connect. Very strange indeed.


sawyer

Dec 29, 2009, 2:35:05 PM
Still not working. I have two HT servers (Windows 2008) and they are
configured in a WNLB cluster. The two HT servers are configured with a
receive connector, and both receive connectors listen on the same IP
address. If I set up just one receive connector it works fine, but as soon as
I set up the second receive connector, I am unable to prevent IPs from
connecting to the receive connector.


Ed Crowley [MVP]

Jan 3, 2010, 1:12:57 AM
Your ranges look wrong. You have configured the ranges:
10.7.13.140 to 255.255.255.255,
10.0.117.102 to 255.255.255.255,
10.0.130.100 to 255.255.255.255,
10.0.100.101 to 255.255.255.255,
10.0.12.109 to 255.255.255.255,
10.0.62.100 to 255.255.255.255,
10.0.63.111 to 255.255.255.255, and
10.7.17.73 to 255.255.255.255,
which makes no sense. (In fact, specifying 10.0.12.109-255.255.255.255 does
the same thing as what you've done.) I think you're trying to restrict its
use to eight hosts, so I think you want to enter:

Set-ReceiveConnector -Identity "IRV-EDC-VMS37\Internal smtp relay" -RemoteIPRanges 10.7.13.140,10.0.117.102,10.0.130.100,10.0.100.101,10.0.12.109,10.0.62.100,10.0.63.111,10.7.17.73
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
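
The following is an added example, not part of any post in this thread: it reads the RemoteIPRanges entries as start-end ranges, the way the reply above reads them, and checks which clients each form of the list would admit. The function names and the client 10.0.133.50 are assumptions made for illustration; no Exchange cmdlets are called.

```powershell
# Added example. Pure string/number handling; no Exchange cmdlets are called.
# Function names are hypothetical. Entries are read as start-end ranges.

function ConvertTo-IPv4Number ([string]$Ip) {
    # Dotted quad -> 64-bit integer so addresses compare numerically.
    $o = $Ip.Trim().Split('.')
    ([int64]$o[0] * 16777216) + ([int64]$o[1] * 65536) + ([int64]$o[2] * 256) + [int64]$o[3]
}

function Get-RangeBounds ([string]$Entry) {
    # "a.b.c.d" is a single host; "start-end" is an inclusive range.
    $parts = $Entry.Split('-')
    $start = ConvertTo-IPv4Number $parts[0]
    $end   = $start
    if ($parts.Count -gt 1) { $end = ConvertTo-IPv4Number $parts[1] }
    New-Object psobject -Property @{ Entry = $Entry; Start = $start; End = $end; Hosts = $end - $start + 1 }
}

function Find-MatchingRange ([string]$ClientIp, [string[]]$Ranges) {
    # Returns the first entry that admits the client, or $null if none does.
    $n = ConvertTo-IPv4Number $ClientIp
    foreach ($r in $Ranges) {
        $b = Get-RangeBounds $r
        if ($n -ge $b.Start -and $n -le $b.End) { return $b.Entry }
    }
    return $null
}

# The eight hosts named in the thread, and the same hosts in the posted start-end form.
$allowList = '10.7.13.140','10.0.117.102','10.0.130.100','10.0.100.101',
             '10.0.12.109','10.0.62.100','10.0.63.111','10.7.17.73'
$asPosted  = $allowList | ForEach-Object { $_ + '-255.255.255.255' }

# Constructed test clients: one host that is not on the list, one that is.
foreach ($client in '10.0.133.50', '10.0.62.100') {
    foreach ($set in @{ Name = 'as posted'; Ranges = $asPosted }, @{ Name = 'host list'; Ranges = $allowList }) {
        $hit = Find-MatchingRange $client $set.Ranges
        $verdict = 'rejected'
        if ($hit) { $verdict = "allowed by $hit" }
        '{0,-12} {1,-10} {2}' -f $client, $set.Name, $verdict
    }
}

# Flag any entry that admits more than one address.
$asPosted | ForEach-Object { Get-RangeBounds $_ } | Where-Object { $_.Hosts -gt 1 } |
    ForEach-Object { '{0} admits {1:N0} addresses' -f $_.Entry, $_.Hosts }
```

Running the same check against the live output of Get-ReceiveConnector, together with the connector's verbose protocol log, shows which connector and which entry actually accepted a given client.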